Spam Gets Personal 141
Vitaly Friedman writes "Two researchers demonstrate how much more effective spam could become if its authors used basic data-mining to personalize their messages. From the article: "North America, though no longer the world leader in spam production, still has serious potted meat problems. A recent research paper out of the University of Calgary suggests that those problems could soon be a lot worse if spam creators adopt a few simple data-mining procedures.""
what does it mean? (Score:5, Funny)
If this isn't personalized, what more can I expect? :)
Re:what does it mean? (Score:1)
Re:what does it mean? (Score:4, Funny)
No, you left your webcam on. You should get a better chair, btw.
Re:what does it mean? (Score:2)
Hi Honey, you need to get some Vi@gra.
Dupe. (Score:4, Informative)
And not very accurate the first time, either. Since Mom probably isn't going to be sending me v1agr4 ads, it will be easy to find and clean the infected machines.
Re:Dupe. (Score:2)
Security Through Obscurity (Score:4, Insightful)
Winner of the 2006 IgNobel Award for SPAM Research (Score:3, Funny)
What else do they have? (Score:5, Insightful)
Seriously; do the spammers NEED any more help?
Re:What else do they have? (Score:5, Funny)
Re:What else do they have? (Score:2)
That's one of those Ask
Re:What else do they have? (Score:1)
#identify the sentence containing it.
#wrap in BLOCKQUOTE and EM tags.
#append boilerplate reply containing link. */
Then why does this link [slashdot.org] disagree?
Seriously, if any slashdot jerk (like me) can come up with this in a half minute, the spammers won't be far behind, with help or without it.
Re:What else do they have? (Score:3, Insightful)
Oh, wait...
Re:What else do they have? (Score:2)
I already have ten emails telling me how to do this, AND THEY ARE IN MY AREA!
Great! and in other news... (Score:5, Insightful)
Re:Great! and in other news... (Score:3, Insightful)
In response to your analogy, isn't it a good thing that scientists be aware of this and prepared to respond?
Re:Great! and in other news... (Score:3, Insightful)
Re:Great! and in other news... (Score:2)
Sure, maybe not high on the ethical scale, but think about improvements to humanity as a whole.
When dealing in huge volumes of humans (Score:3, Interesting)
The solution is not to be found in expecting *everyone* to change their behavior, because such an expectation is bound to fail. The solution is to be found in tightening up the mechanism behind data authentication and transport, both with technology an
Re:When dealing in huge volumes of humans (Score:2)
I'm happy with the current situation. (Score:2)
Messages received: 9,466
Messages identified as spam: 394
Messages flagged with a virus: 1
Sure, it's possible to get better than that. But for the company I work for, the "spam problem" is effectively "solved".
And over time, it's just going to get better as the spamtrap addresses I've been using are sold and re-sold amongst the spammers.
I'm sure others have even better stats. I'm using a mix of Exim4, greylisting and SpamAssassin along with my personal white/black lists (populated by
Re:When dealing in huge volumes of humans (Score:2)
There's this SPAM remedy boilerplate which would be appropriate here. However, I'm too lazy to look it up.
Short answer: Botnets send out majority of spam right now. Botnet pwned box will pass whatever origin query you may subject it to, right down to chirpily answering challenge/response type lookups. And most box
Re:Great! and in other news... (Score:2)
Re:Great! and in other news... (Score:2)
15 years ago as a part of my coursework in Mol Biol I had to read a few years worth of issues of the American Journal of Human Genetics http://www.journals.uchicago.edu/AJHG/ [uchicago.edu]. While most of them were the usual polymorphisms, Bayes Statistics and similar stuff, one article struck me as utterly suicidal. Some psychopaths (I would not call them anything else) were reporting preliminary findings on a potential HIV vaccine. They tried to design it by introducing genetic material responsible fo
Psychopathic science and immune exploits. (Score:3, Insightful)
don't kid yourselves (Score:4, Interesting)
The US most definitely is the world leader in the production of spam [spamhaus.org]
treat the disease not the symptoms
Re:don't kid yourselves (Score:3, Interesting)
USA! USA! USA!
More seriously... I believe that list lists the nationalities of the spammers.. not the country where the spam actually originates. Let's be careful to not confuse Americans with America. For instance, the #1 guy on the list is an American, who hosts most of his spam servers in China.
Re:don't kid yourselves (Score:2)
American spammers, spamming to an American audience, to earn American dollars for their American companies. In that situation (and obviously anecdote != data, etc, but personally that situation accounts for at least 75% of my spam) it's an American problem. Who gives a monkey's where the servers are, physically? That's what really annoys me when I see slashbots talking about firewalling China or dropping all packets from Europe as an anti-spam measure. It's an American problem! (By wh
Re:don't kid yourselves (Score:2)
Why are we helping spammer? (Score:5, Funny)
Re:Why are we helping spammer? (Score:5, Insightful)
Now I'm not trying to argue that we should have more spam, but the people at Sony would also not want to argue that we should have more DRM-cracking. It's simply a matter of perspective. And anyway, I'm sure the paper (no I didn't RTFA) was created to try to address the problem before it really shows up so it's not so bad rather than encouraging the noxious spamlords.
Poor analogy (Score:2)
Both of your supposed analogies are actions against single instances of an inanimate object.
Perhaps you're trolling but, you know, spam scales to affect millions of people (if it works!).
Re:Poor analogy (Score:2)
Re:Why are we helping spammer? (Score:3, Insightful)
"Some might argue that publishing such research will only guarantee that the ideas are used by spammers, but the authors are convinced that such personalization will happen sooner or later anyway, and that it's better to be prepared for the inevitable than not to talk about it."
I don't know if I wholly agree with them, but at least give them credit for thinking that they can head the spammers off at the pass. Maybe th
SI, please (Score:2, Offtopic)
These guys are from Calgary. A gram of prevention is worth a kilogram of cure. None of these barbaric, obsolete units of measurement for them.
Ah poop, I'm going to get modded offtopic again, aren't I?
Re:Why are we helping spammer? (Score:2)
Here is how and why you wish to know. (Score:2)
Now how can a smuggler use this? A Colombian drug lord can afford to research and create their own glider. It can then be loaded with several tons of coke. Yes, TONS. Then allow the glider to do its thing. How long will it take? Who cares as long as it gets there. It may have to move across t
Re:Why are we helping spammer? (Score:2)
I think if you saw first hand the positive effect that the income produced from cocaine exports has on otherwise forgotten, poverty-stricken Bolivian townships you'd rethink your views on cocaine. They supply a sought after product, to a willing market and then, because of the 8 to 1 exchange rate, make a lot of money, which then gets spent liberally in the local township. The difference between a cocaine exporting township and a non exporting township in Bo
Meat problems. (Score:1)
Lumpy Lumperson (Score:2)
Thanks - hope those spammers/terrorists have TiVo and a notepad.
Scott Richter, are you getting all this?
smtp doesn't work (Score:3, Insightful)
We need something different that focuses on point to point authentication of hosts and users. Frankly, hardware DRM or immutable hostids built on to motherboards might offer at least a host authentication solution. Not a popular suggestion, I know...
Actually snail mail is just as broken... (Score:5, Interesting)
It's totally unacceptable: Buried below a ton of trash I find two seriously dangerous invoices with 4digit numbers in the red. If I ever miss out one of them I'd probably go to jail, but hey, why not throw another pizza flyer on top of all that, the planet sure can handle this and what else are those trees for?
Personally if I was going to choose I'd vote for e-mail spam just to get rid of this total waste of resources.
There should be a LAW against this, and against buying from spammers, reallife or virtual.
USian snail mail: return receipt requested (Score:3, Insightful)
There is nothing analogous to that in email. Primarily because there is no mechanism to first ensure authenticity and then ensure delivery. A public-key cryptographic system that used hardware level keys (or key generation) coul
Re:USian snail mail: return receipt requested (Score:3, Interesting)
Sounds familiar. I've been jumping up and down proclaiming the need for end-to-end authenticated SMTP for... many [slashdot.org] years [slashdot.org] now.
Yes, much agreement here (Score:2)
As for delivery authentication, that's another kettle of fish. Two s
Re:Yes, much agreement here (Score:2)
I don't think the issue of a mail server lying and saying that it used a key when communicating with the sending user is all that important, personally. For the whole certified email equivalence, yes, I suppose it is, but for getting rid of spam, not so much.
If you really want to ensure that an email was sent by a particular person, nothing short of the actual sender signing the entire message with a private key which can then be verified against that person's public key will really provide that. I don'
Re: your second point, PGP (Score:2)
Re:USian snail mail: return receipt requested (Score:2)
Sometimes it is, sometimes it isn't. Sometimes it's merely sent registered (as in the sender gets proof of mailing, and the postman fills out a form when he puts it in your mailbox). Sometimes it's merely sent certified. In
Re:USian snail mail: return receipt requested (Score:2)
For sender authentication there is S/MIME, the standardized version of PKCS #7. It can, with a very high level of security, demonstrate who sent an email message.
For ensuring delivery there is RFC 2298, which describes "Message Disposition Notifications", including return receipts. All the "groupware" client/server packages (Exchange, Groupwise, Notes...) have since their respective version 1.0's supported this internally.
"Important" messages should almos
yeah, those standards are badly broken (Score:1)
Re:USian snail mail: return receipt requested (Score:2)
Rejecting based on hostnames used in the HELO/EHLO? You can already do that in the major Unix MTAs. That doesn't stop the spammer from claiming to be something else. The spammer _0wns_ the sending host. The spammer can choose to send you whatever c
My effective, ridiculed way to stop spam.... (Score:2)
I solved my spam problem and talked about it here. [slashdot.org]
I was Slashdotted so my approach had some merit with some of the crowd here.
But in the end I was 'marginalized' for my efforts to make email useable again.
Anyway, you can read the Slashdot thread and visit my site if you want to for more information and to learn how I
Re:My effective, ridiculed way to stop spam.... (Score:2)
Care to show benchmarks?
Re:My effective, ridiculed way to stop spam.... (Score:2)
All I can offer are the following observed 'guestimates'
per http://slashdot.org/comments.pl?sid=171793&cid=14309227 [slashdot.org]
I calculate my POP3 program's processing speed at 660KB a minute and 40 messages a minute. This takes into account my PC's CPU speed of 1.1 GHz and a broadband connection to the Internet.
In practice I have observed the program deleting 1-2 spams a second when they were short and didn't have any embedded file attachments.
If you are stopping about 90% of
Re:My effective, ridiculed way to stop spam.... (Score:2)
Since your program basically acts after data is received and dumped in the inbox by the MTA, I don't see it as being much more effective in the fight against spam than a content filter, except for requiring less maintenance.
OTOH, if you could code it up as a proxy for desktops which hijacks connections to port 25, and filters outbound mail, it would actually be useful. Stopping the spam from being sent is a much better way to fight spam.
Re:My effective, ridiculed way to stop spam.... (Score:2)
From a programming standpoint, scanning the email as it is being sent by the SMTP DATA statement is doable but maybe more complicated than it's worth. If you have a reputable list of known spam spewing IP addresses, you can cut them off the instant they connect. My mailserver program is capable of this. It also stops IPs from connecting more than once. One SMTP connection is all you need to transfer email, righ
Less Spam (Score:1)
Re:Less Spam (Score:1)
1) I'm talking about a work server which managed email for many hundreds of users, not my personal vanity domain.
2) It shouldn't matter. Though I do ask slashdot to bogusfy my email addy and right now they aren't doing a very good job of it.
Re:smtp doesn't work (Score:2)
How? If all email from any provider had a digital signature then spamming that spoofs a legit email address, or even a fake one would have to have a digital signature. When the SPAM shows up at the server, it is then checked for a certificate. If it is lacking a real certificate, then it is run to ground, or flagged as SPAM. The certs would expire after so many emails, say 500. Everytim
Who verifies the validity of that signature? (Score:2)
Like I said, choose one:
Re:Who verifies the validity of that signature? (Score:2)
Re:Why should email be anonymous? (Score:2)
Aah! No! (Score:2, Insightful)
As far as the load on mail servers, there's plenty of middle ground between waiting for an RFC or capitulating to DRM to fix the SMTP problem. Mindshare is the only real obstacle between the way things are & a least-privilege mail system that uses strongly signed logins integrating a sender/receiver p
Duh! (Score:5, Interesting)
The reason they don't do this now is that the spammers doing it are not geeks. They're taking pre-built scripts, modifying some parameters, and letting them go. They will keep doing this until those scripts no longer work, and then they will move onto newer ones. The only way this will happen is if some hacker gets bored, reads this article, and decides there's a lot of cash to be made selling just such a thing to the spammers.
Be real -- no matter how personalized an email gets, I'm still going to know it's not from somebody I know, because I don't make email my primary mode of correspondence and where I do, I can easily figure out that my mother isn't going to be sending me ads for Viagra.
Now, if they could make a Turing-capable spam generator, I'd be impressed.
Modifying parameters? (Score:2)
Don't be so sure about that "modifying parameters" part. I sure see a lot of pink stuff with "Subject:" lines of "%SUBJECT" and so forth. Certainly doesn't lead you to doubt Rule #3 of the Rules of Spam [rahul.net].
Re:Duh! (Score:2)
They win if they can fool your filters, so you have to read it to decide whether it's real. However, more sophisticated personalised mail could make very dangerous phishing attacks. Eg, an email from your mother "Dear, I've forgotten my banking password....". It may not fool you, but like any spam, they only need a few scores out of millions to make it pay.
They're data mining already! (Score:5, Funny)
gee, guys, thanks (Score:3)
just because you know how to do something like essentially unbreakable steganography in video sequences doesn't mean that it's something you need to share with the rest of the world.
Re:gee, guys, thanks (Score:2)
In one of Greg Egan's novels a few years back he had AI in answering machines working as spam filters against AI and data mining used for telephone spam.
meat problems? (Score:3, Funny)
Yeah, he's right. (Score:4, Insightful)
One thing to note, however... Once you start mining information from a Zombie (which -- to be honest has already been done), it makes it easier to identify the zombie and shut it down. (I.e. if I get a spam with information from mikie's machine, I'll immediately phone him and tell him to shut down and clean up his machine. Now mikeie's machine is unavailable to the spammers.)
I think that that is the real reason why zombie systems don't use data mining.... It's like an 'undercover' cop who fingers every low-level pusher-addict he runs into.... He'll never live long enough to get the information he wants on what goes on inside the biker gang's 'clubhouse'.
This is one of the things that I do... I wrote a filter that peels apart an email, removes the 'legitimate' IPs in the Received: headers collected en route, and attempts to send an email to the IP responsible for the source of the email. It usually takes them a while, but they will shut down the responsible zombie.
I stopped doing that for a couple of months, and my spam climbed to unbearable levels. I started using the script again a couple of days ago, and the spam I've been getting has already dropped noticeably.
Re:Yeah, he's right. (correction) (Score:2)
That should have been:
and attempts to send an email to the ISP responsible
(fyi: It involves a reverse DNS lookup and abuse.net records)
Re:Yeah, he's right. (correction) (Score:2)
Re:Yeah, he's right. (correction) (Score:1)
Re:Yeah, he's right. (Score:2)
Re:Yeah, he's right. (Score:2)
I figure out the 'legitimate' addresses manually -- any machine in your 'legitimate' email delivery path should be listed... I.E. primary and secondary MXs ..
Note that if you use this to 'report' messages delivered to you via mailing list, you must include the IPs associated with the mailing lists as well. Any address not in the 'legitimate' list is presumed to be the first IP in the SPAM chain (i.e. an Open
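The Received-header walk described in this sub-thread, as an added Python example that is not the poster's own script: it skips the hops on a hand-maintained 'legitimate' list and returns the first connecting IP that is not on it. The function names, host names, addresses and sample message are constructed for illustration; the reverse DNS and abuse.net lookup of the responsible ISP needs network access and is not part of the block.

```python
import email
import ipaddress
import re
from email import policy

# Bracketed address literal as MTAs record it: [192.0.2.7] or [IPv6:2001:db8::1]
_IP_LITERAL = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def connecting_ip(received_value):
    """Return the peer IP in the 'from' clause of one Received header, or None."""
    # Only the part before " by " describes the host that connected to us.
    from_clause = re.split(r"\sby\s", received_value, maxsplit=1)[0]
    for candidate in _IP_LITERAL.findall(from_clause):
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            continue  # bracketed text that is not an address
    return None


def first_untrusted_hop(raw_message, trusted_networks):
    """Walk Received headers newest-first and return the first IP not on the
    trusted list (as a string), or None if every recorded hop is trusted.

    Headers below the returned hop were supplied by the sender and may be
    forged, so they are never consulted once an untrusted hop is found.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    msg = email.message_from_string(raw_message, policy=policy.default)
    for value in msg.get_all("Received", []):
        ip = connecting_ip(str(value))
        if ip is None:
            continue  # local submission or a header without an address literal
        if any(ip in net for net in nets):
            continue  # our own MX, secondary MX, or a listed mailing list
        return str(ip)
    return None


# Constructed sample: two of our own MX hops, the real sender, then a forged hop.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
 by mx1.example.net with ESMTP id A1; Mon, 1 May 2006 10:00:03 -0600
Received: from friendly-name (unknown [203.0.113.45])
 by mx2.example.net with SMTP id B2; Mon, 1 May 2006 10:00:01 -0600
Received: from mail.bank.example ([198.51.100.9])
 by relay.bank.example with ESMTP; Mon, 1 May 2006 09:59:00 -0600
From: "Your Bank" <support@bank.example>
Subject: constructed test message

body
"""

TRUSTED = ["192.0.2.0/24"]  # constructed: primary and secondary MX network

if __name__ == "__main__":
    print(first_untrusted_hop(SAMPLE, TRUSTED))
```

Listing 203.0.113.45 as trusted, as the poster says to do for mailing-list hosts, moves the result one hop further down the chain.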
Even worse... (Score:2)
And they could start sending their messages via USPS bulk rate.
This would surely bring about the end of civilization as we know it.
Re:Even worse... (Score:2)
And they could start sending their messages via USPS bulk rate.
This would surely bring about the end of civilization as we know it.
Nah, it'd just allow the U.S. to balance the budget (and turn the U.S.P.S. into a cost center for the government
Recommendations (Score:5, Insightful)
Fortunately for those who detest spam, the authors also present four new defenses that could help stop this newer, more personalized spam. First, e-mail archives can be encrypted, making it difficult for malware to mine them for information.
WOW - so I've got to accept that my computer IS broken into and encrypt even local data? Thank you very much - my computer would rather not be broken into.
Second, these archives can also be "salted" with false information such as spam trap addresses. Third, the authors suggest that all URLs followed from an e-mail client be viewed in a "sandboxed" browser that would prevent automatic downloads.
Sandboxed browser? Ok - they're joking. Who uses external content displaying in their mail? And anyone hasn't got a "HTML=+80% spam" rule in mail client yet, generated AUTOMATICALLY FROM EXAMPLES?
Finally, anti-spam filters can be adjusted to better screen for these types of attacks.
Care to elaborate?
Ok - this is all going in the wrong direction. Why shouldn't I trust *my system*? Why should I allow my incoming mail to use outside objects? I thought that people, who can build a natural-language-messages data mining / composing system can understand basics of home computer security...
Besides - if spam will mimic a friend's style and probably send mail as that friend - then you know exactly who to filter out and who needs billing for a "PC security" lessons
I think this article is spammish (Score:1)
Giving birth to AI??!?!? (Score:2)
As algorithms become better and better at sending SPAM, combatting methods will become increasingly sophisticated.
Witness the Bayesian filtering phenomenon. Back in the day, who would've thought that a "learning" system would be needed just to determine what's junk mail?
SPAM is a side-effect of intense economic and evolutionary pressure - the value of getting your attention and maybe your pocketbook. I
Old news (Score:2)
Targeted Spam (Score:5, Interesting)
The whole point of the spam business model is that it's low-cost. Any filtering would raise costs compared to simply flooding the world with the same payload.
If spammers were in the slightest interested in addressing their markets, I wouldn't be seeing several thousand Asian-language spam per day addressed to a North American mail server. None of us would be seeing spam with hash-busters, mangled "Subject:" lines, and other filter avoidance hacks.
This seems like one more attempt to promote the idea of "good spam" for mainsleazers like Kohl's department stores.
Content based anti-spam will never be complete (Score:3, Insightful)
This is my own personal opinion, but I think e-mail has to go in the direction of EASY TO USE crypto based authentication. This technology already exists (pgp) and is used heavily by the computer security industry. It would make a lot of sense IMHO if EVERY e-mail from my bank was cryptographically signed using the bank's private key. Websites are encrypted and authenticated using public/private key cryptography (SSL) why can't the same thing be done for e-mail?
If Microsoft, Apple, Ebay/Paypal, Verisign, a few banks etc... got together, agreed to a SINGLE existing standard, and implemented it in a transparent and easy to use way, it might go a long way to reducing spam. Citibank could say, "all e-mail we send is cryptographically signed by Citibank. If you get an e-mail that is not signed by Citibank, then it isn't from us." Obviously there are still USARS out there who wouldn't get it, but i think this would be a big step in the right direction.
(P.S. Yes I know a variety of e-mail programs implement various crypto stuff already, but as far as I can tell, almost no one uses it or knows how to use it.)
The attack of the zombies (Score:2)
That only works if the zombies aren't on a DUL [1].
Beyond that, it's pretty easy to spot zombies locally because they hit spamtrap addresses. Once they do, the sending IP gets locally blackholed on the spot without SMTP ever getting beyond "RCPT-TO"
[1] Dial-Up List: list of dynamic IP addresses, not always dialup.
Single existing standard (Score:2)
It's been tried. Microsoft won't support anything that doesn't ultimately give them control of all e-mail.
Beyond that, encryption or signing of the contents requires that the MTA accept the whole stinking pink pile before even considering routing it to /dev/null -- and then it has to burn a hu
Who paid the researchers? (Score:4, Funny)
This also qualifies as a DUH! Of course if you send spam that looks like it comes from someone you know it has a better chance of getting through.
Security by obscurity. (Score:3, Insightful)
And yet, if you look at any posts about how Microsoft or Sony or whatever are trying to keep their software's flaws obscure so they don't get exploited, the Slashdot community generally rails on them like there's no tomorrow. So hypocritical.
I thought people here were generally smart enough to know that security by obscurity doesn't work. Just because Joe Spammer doesn't care to tinker around to make his spam more devious doesn't mean Joe Hacker isn't gonna do it just for the hell of it and pass it along to Joe Spammer somehow.
Promoted by Microsoft... (Score:1)
All this is made possible by Microsoft's crappy security structure of their OS's.
You can't mine data, if you don't have access to the files that store that data.
As far as stopping the spam from coming in? We can do that. The methods for detecting spam in its current state apply. Whether it's detecting Penis enlargement, phishing scams, XXX content...etc., we can already do that. So bring on the personalized spam I say. I can swat it away just as fast as if it didn't have your name on it.
Identity theft (Score:1)
In summary... (Score:2)
Vik
Re:In summary... (Score:2)
Re:In summary... (Score:2)
Vik
It already did... (Score:1)
" Dear Gavin {my surname}
I am Barrister Atiko Benson, a senior advocate,personal attorney to Mr.Andrew {my surname},who used to work with Shell Development Company in Lome Togo. Herein after shall be referred to as my client.
On the 21st of April 2001, my client, his wife and their only daughter were involved in a gastly car accident..."{continue classic
Hitting the Nail on the Head (Score:2, Funny)
Failed already (Score:1)
Real spam research (Score:4, Interesting)
The TREC tests involved tests on 350,000 email messages. A 92,000 message public corpus from this effort is available for free download [uwaterloo.ca].
John Graham-Cumming (no relation to TREC) has created SpamOrHam [spamorham.org] -- a community-based effort to adjudicate the judgements in the TREC corpus. This'll let us test in a big way Yerazunis' contention that spam filters are better than humans.
Any filter writer can participate in TREC 2006 [nist.gov] by submitting a letter of intent now and a filter in due course.
There's also an upcoming scientific spam conference this summer - CEAS [www.ceas.cc].
Solution? (Score:1)
Or to paraphrase Stewie Griffin (Score:2)
Re:Duh! (Score:1)
LATHE'D!